ÅäÖÃFCKÉÏ´«£¨PHP£©
ҪʹÄúµÄFCKeditorÄܹ»Ê¹ÓÃÉÏ´«¹¦ÄÜ£¬Äú±ØÐë½øÐÐÒÔÏÂÅäÖÆ¡£
×¢Ò⣺FCKeditor²»Ö§³ÖÐéÄâĿ¼£¬ÄúµÄ·¾¶ÉèÖö¼ÊÇÕë¶ÔÍøÕ¾¸ùĿ¼µÄ¾ø¶Ô·¾¶¶øÑԵġ£Õâµã¶ÔÓÚ·¢²¼µ½Ô¶³ÌÍøվĿ¼µÄ¿ª·¢Õß¼«Îª²»±ã£¬ºóÃæÎÒÃÇ»á¶Ô´Ë½øÐÐÌÖÂÛ¡£
Ò»¡¢´ò¿ªfckeditor\editor\filemanager\upload\php\config.php£¬ÕÒµ½´úÂë$Config['Enabled']£¬½«ÖµÉèÖÃΪtrue¡£
¶þ¡¢½ÓÏÂÀ´¼¸ÐУ¬ÉèÖÃ$Config['UserFilesPath']£¬ÉèÖÃÉÏ´«Â·¾¶¡£
Èý¡¢´ò¿ªfckeditor\fckconfig.jsÎļþ£¬ÕÒµ½´úÂë_FileBrowserLanguage£¬½«ÖµÉèÖÃΪphp¡£½ÓÏÂÀ´Ò»ÐУ¬°Ñ_QuickUploadLanguageÖµÒ²ÉèÖÃΪphp¡£
ÅäÖÃÎļþä¯ÀÀ
Ò»¡¢´ò¿ªfckeditor\editor\filemanager\browser\default\connectors\php\config.php
ÕÒµ½´úÂë$Config['Enabled']£¬½«ÖµÉèÖÃΪtrue;
¶þ¡¢½ÓÏÂÀ´¼¸ÐУ¬ÉèÖÃ$Config['UserFilesPath']£¬ÉèÖÃä¯ÀÀ·¾¶¡£
¹ØÓÚÉÏ´«\Îļþä¯ÀÀ°²È«ÐÔÎÊÌâ
ΪÁ˽â¾öFCKeditor²»Ö§³ÖÐéÄâĿ¼ÎÊÌ⣬ºÍFCKeditorÎļþÉÏ´«µÄ°²È«ÐÔ¿¼Á¼¡£ÎÒÃÇÓбØÒªÔÚÕâÀïµ¥Â۶Դ˽øÐÐÌÖÂÛ¡£
´ò¿ªfckeditor\editor\filemanager\upload\php\config.php£¬ÕÒµ½$Config['UserFilesPath']´úÂ룬ÔÚ´ËÐдúÂë֮ǰ¶¨Òå±äÁ¿$root_path = $_SERVER['PHP_SELF'];
ÖØÐÂÉèÖÃ$Config['UserFilesPath']±äÁ¿µÄÖµ£¬Ê¾ÀýÈçÏ¡£
$Config['UserFilesPath'] = $root_path . ‘ÄúÏëÉÏ´«µÄĿ¼Ãû/’ ;
´ò¿ªfckeditor\editor\filemanager\browser\default\connectors\php\config.php£¬ÕÒµ½´úÂë$Config['UserFilesPath'],ÔÚ´ËÐдúÂë֮ǰ¶¨Òå±äÁ¿$root_path = $_SERVER['PHP_SELF'];
ÖØÐÂÉèÖÃ$Config['UserFilesPath']±äÁ¿µÄÖµ£¬Ê¾ÀýÈçÏ¡£
$Config['UserFilesPath'] = $root_path . ‘ÄúÏëä¯ÀÀµÄĿ¼Ãû/’
ÖÁ´Ë£¬ÄúµÄFCKeditorÒѽâ¾ö²»Ö§³ÖÐéÄâĿ¼ÎÊÌâ¡£½ÓÏÂÀ´£¬ÎÒÃǽéÉÜÒ»ÖÖ¼¼ÇÉÅäÖÃÖ»ÔÊÐí¹ÜÀíÔ±²Å¿ÉÒÔʹÓÃFCKeditorÉÏ´«ÎÊÌâ¡£
½â¾ö·½·¨ÆäʵºÜ¼òµ¥£¬¼ÙÈçÍøÕ¾²ÉÓÃ$_SESSION['admin_id']ÑéÖ¤¹ÜÀíÔ±µÄµÇ¼id£¬ÄúÖ»Ð轫Ïà¹ØµÄ½Å±¾ÎļþÒýÈë¼´¿É¡£È»ºóʹÓÃÏÂÃæµÄ´úÂëÅäÖÃÎļþÉÏ´«\ä¯ÀÀ¿ª¹Ø¡£
¾«¼òFCKeditorÎļþ¿Õ¼ä´óС
FCKeditorĿ¼ÏÂÃæ°üº¬ÓÐÐí¶àʾÀý´úÂ룬ÎĵµµÈ×ÊÔ´£¬ÔÚÎÒÃǵÄW
Ïà¹ØÎĵµ£º
PHPÕýÔò±í´ïʽÖ÷ÒªÓÃÓÚ×Ö·û´®µÄģʽ·Ö¸î¡¢Æ¥Åä¡¢²éÕÒ¼°Ìæ»»²Ù×÷¡£Ê¹ÓÃÕýÔò±í´ïʽÔÚijЩ¼òµ¥µÄ»·¾³Ï¿ÉÄÜЧÂʲ»¸ß£¬Òò´ËÈçºÎ¸üºÃµÄʹÓÃPHPÕýÔò±í´ïʽÐèÒª×ۺϿ¼ÂÇ¡£
ÎÒµÄPHPÕýÔòÈëÃÅ£¬ÊÇÆðÔ´ÓÚÍøÉϵÄһƪÎÄÕ£¬ÕâƪÎÄÕÂÓÉdzÈëÉîµÄ²ûÊöÁËPHPÕýÔò±í´ïʽʹÓõķ½·¨£¬ÎÒ¾õµÃÊÇÒ»¸öºÜºÃµÄÈëÃŲÄÁÏ£¬²»¹ýѧ³É»¹ÊÇÒª¿¿¸öÈË£¬ÔÚʹÓà ......
Ç°Ò»Õó×Ó£¬Éè¼ÆLAJPʱÐèÒªÔÚPHPÖÐÉú³ÉΨһID£¬¿´ËÆС²ËÒ»µúÈ´×ÅʵÈÃÎÒΪÄÑÁË£¬ÔÚJavaÖÐÒ»¸öͬ²½·½·¨¼´¿É¸ã¶¨µÄÊ£¬µ«ÔÚPHPÖÐȴûÓкõĽâ¾ö˼·¡£
ÔÚÍøÉÏËÑÁËËÑ£¬ÓÐÁ½¸ö°ì·¨µ«¶¼²»Ì«ºÃ£ºÒ»¸öÊǼòµ¥µÄÒÔ½ø³ÌID+ʱ¼ä´Á£¬»ò½ø³ÌID+Ëæ»úÊýÀ´²úÉú½üËƵÄΨһID£¬Ëä¼òµ¥µ«¶ÔÓÚ×·Çó“ÍêÃÀ”µÄÎÒ²»Ô¸ÕâÑù´ÕºÏ£¬ÔÙ˵ ......
1¡¢PHP4ÒÔºó»ñÈ¡´«ÖµµÄ·½·¨
Ò»°ãÔÚÒ³ÃæÖд«Öµ³£¼ûµÄÊÇPOST¡¢GETºÍCOOKIE¼¸ÖÖ£¬ËùÒÔÏÂÃæÎÒÒ²Ö÷Òª½éÉÜÕ⼸ÖÖ¡£PHP4ÒԺ󶼲ÉÓõÄÊÇ$_POST¡¢$_GETµÈÊý×éÀ´»ñÈ¡ÍøÒ³´«Öµ¡£ÔÚPHP3.0¼°ÒÔÏ°汾¶¼ÊÇÓõÄÊÇ$HTTP_POST_VARS¡¢$HTTP_GET_VARSµÈÊý×飬¾ßÌå´úÂëÈçÏÂ
echo $_POST['dopost'];
?>
< form action="weste_net.php" ......
1¡¢¹ÅÀϵÄÆÛÆSQLÓï¾ä
ÔÚĬÈÏģʽÏ£¬¼´Ê¹ÊÇÄãÍüÁË°Ñphp.ini¿½µ½/usr/local/lib/php.iniÏ£¬php»¹ÊÇ´ò¿ªmagic_quotes_gpc=on¡£
ÕâÑùËùÓдÓGET/POST/CookieÀ´µÄ±äÁ¿µÄµ¥ÒýºÅ(')¡¢Ë«ÒýºÅ(")¡¢·´Ð±¸Übackslash(\)ÒÔ¼°¿Õ×ÖÔªNUL
(the null byte)¶¼»á±»¼ÓÉÏ·´Ð±¸Ü£¬ÒÔʹÊý¾Ý¿âÄܹ»ÕýÈ·²éѯ¡£
µ«ÊÇÔÚphp-4-RC2µÄʱºòÒýÈë ......
¶ÔÓڽű¾°²È«Õâ¸ö»°ÌâºÃÏñÓÀԶûÍêûÁË£¬Èç¹ûÄã¾³£µ½¹úÍâµÄ¸÷ÖÖ¸÷ÑùµÄbugtraqÉÏ£¬Äã»á·¢ÏÖÓÐÒ»°ëÒÔÉ϶¼ºÍ½Å±¾Ïà¹Ø£¬ÖîÈçSQL
injection£¬XSS£¬Path Disclosure£¬Remote commands executionÕâÑùµÄ×ÖÑ۱ȱȽÔÊÇ£¬ÎÒÃÇ¿´ÁËÖ®ºóµÄÓÃ;ÄѵÀ½ö½öÊÇ×¥È⼦?¶ÔÓÚÎÒÃÇÏë×öweb°²È«µÄÈËÀ´Ëµ£¬×îºÃ¾ÍÊÇÄÃÀ´Ñ§Ï°
£¬¿ÉÊÇÍòÎï×¥¸ùÔ´£¬ÎÒà ......
